Dorks -Bug bounty edition-

###Extra dorks for Bug Bounties ###
 
site:accounts..com/signin/ intitle:"index of" drupal intitle:"index of" admin inurl:login.cgiPages Containing Login Portals site:/joomla/administrator
inurl:"server-status" intitle:"Apache Status" intext:"Apache Server Status for"
inurl:/login/index.jsp -site:hertz.*
intitle:"Index of" inurl:wp-json/oembed
intitle:"Index of" phpmyadmin
intitle:"Index of" wp-admin
intitle:index.of.?.sql
inurl: /filemanager/dialog.php
s3 site:amazonaws.com filetype:log
inurl:cgi/login.pl
inurl:zoom.us/j and intext:scheduled for
site:*/auth intitle:login
inurl: admin/login.aspxPages Containing Login Portals
"Index of" inurl:webalizer
"Index of" inurl:phpmyadmin
"Index of" inurl:htdocs inurl:xampp
s3 site:amazonaws.com intext:dhcp filetype:txt inurl:apollo
inurl:/index.aspx/login
site:amazonaws.com inurl:login.php
intitle:"IIS Windows Server" -inurl:"IIS Windows Server"
intitle:"Apache2 Ubuntu Default Page: It works"
inurl:/filedown.php?file=
inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
inurl:app/kibana intext:Loading Kibana
site:https://docs.google.com/spreadsheets edit
intitle:"index of" unattend.xml
inurl:/admin/index.php
inurl:bc.googleusercontent.com intitle:index of
inurl:office365 AND intitle:"Sign In | Login | Portal"
intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql
intitle:OmniDB intext:"user. pwd. Sign in."
intitle:"qBittorrent Web UI" inurl:8080
site:com inurl:jboss filetype:log -github.com
intitle:"index of" ".cpanel/caches/config/"
inurl:'/scopia/entry/index.jsp'
inurl:/index.aspx/login
intitle: "index of" "./" "./bitcoin"
inurl:/portal/apis/fileExplorer/
intitle:"index of" "/aws.s3/"
intitle:"index of" hosts.csv | firewalls.csv | linux.csv | windows.csv
intitle:Test Page for the Nginx HTTP Server on Fedora
inurl:_cpanel/forgotpwd
intitle:"index of /" intext:/backup
intitle:"Swagger UI - " + "Show/Hide"
site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
intext:"class JConfig {" inurl:configuration.php
"index of" "database.sql.zip"
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidentialext:inc "pwd=" "UID="
ext:ini intext:env.ini
ext:ini Version=... password
ext:ini Version=4.0.0.4 password
ext:ini eudora.ini
ext:ini intext:env.ini
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
filetype:SWF SWF
filetype:TXT TXT
filetype:XLS XLS
filetype:asp   DBQ=" * Server.MapPath("*.mdb")
filetype:asp "Custom Error Message" Category Source
filetype:asp + "[ODBC SQL"
filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\") 
filetype:asp “Custom Error Message” Category Source
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:conf inurl:firewall -intitle:cvs 
filetype:conf inurl:proftpd. PROFTP FTP server configuration file reveals
filetype:dat "password.dat
filetype:dat \"password.dat\" 
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:eml eml +intext:\"Subject\" +intext:\"From\" +intext:\"To\" 
filetype:eml eml +intext:”Subject” +intext:”From” +intext:”To”
filetype:inc dbconn 
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect 
filetype:log inurl:"password.log"
filetype:log username putty PUTTY SSH client logs can reveal usernames
filetype:log “PHP Parse error” | “PHP Warning” | “PHP Error”
filetype:mdb inurl:users.mdb
filetype:ora ora
filetype:ora tnsnames
filetype:pass pass intext:userid
filetype:pdf "Assessment Report" nessus
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\" 
filetype:reg reg +intext:â? WINVNC3â?
filetype:reg reg +intext:”defaultusername” +intext:”defaultpassword”
filetype:reg reg HKEY_ Windows Registry exports can reveal
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql (\"passwd values\" | \"password values\" | \"pass values\" ) 
filetype:sql (\"values * MD\" | \"values * password\" | \"values * encrypt\") 
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:sql password 
filetype:sql “insert into” (pass|passwd|password)
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:url +inurl:\"ftp://\" +inurl:\";@\" 
filetype:url +inurl:”ftp://” +inurl:”;@”
filetype:xls inurl:"email.xls"
filetype:xls username password email
index of: intext:Gallery in Configuration mode
index.of passlist
index.of perform.ini mIRC IRC ini file can list IRC usernames and
index.of.dcim 
index.of.password 
intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
intext:"#mysql dump" filetype:sql
intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
intext:"A syntax error has occurred" filetype:ihtml
intext:"ASP.NET_SessionId" "data source="
intext:"About Mac OS Personal Web Sharing"
intext:"An illegal character has been found in the statement" -"previous message"
intext:"AutoCreate=TRUE password=*"
intext:"Can't connect to local" intitle:warning
intext:"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
intext:"Fatal error: Call to undefined function" -reply -the -next
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu
intext:"Generated by phpSystem"
intext:"Host Vulnerability Summary Report"
intext:"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
intext:"IMail Server Web Messaging" intitle:login
intext:"Incorrect syntax near"
intext:"Index of" /"chat/logs"
intext:"Index of /network" "last modified"
intext:"Index of /" +.htaccess
intext:"Index of /" +passwd
intext:"Index of /" +password.txt
intext:"Index of /admin"
intext:"Index of /backup"
intext:"Index of /mail"
intext:"Index of /password"
intext:"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
intext:"Thank you for your order"   +receipt
intext:"Thank you for your order" +receipt
intext:"Thank you for your purchase" +download
intext:"The following report contains confidential information" vulnerability -search
intext:"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
intext:"phpMyAdmin MySQL-Dump" filetype:txt
intext:"phpMyAdmin" "running on" inurl:"main.php"
intextpassword | passcode)   intextusername | userid | user) filetype:csv
intextpassword | passcode) intextusername | userid | user) filetype:csv
intitle:"index of" etc/shadow
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" mysql.conf OR mysql_config
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" spwd
intitle:"index of" user_carts OR user_cart
intitle:"index.of *" admin news.asp configview.asp
inurl:admin inurl:userlist Generic userlist files
inurl:php?id=
inurl:index.php?id=

#Hunting for SQLi

1. using SQL errors Dork:
site:target.com intext:"sql syntax near" | intext:"incorrect syntax near"

2. indexed page with sql error

3. Confirmed with "waitfor delay'0:0:15'--"
--
SQL dork :
site:target.com intext:"sql syntax near" |intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

PreviousBasic DorksNextExtra dorks

Last updated